CVE-2020-9380

CRITICAL

IPTV Smarters WEB TV PLAYER < 2020-02-22 - OS Command Execution via File Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-9380. PoCs published by migueltarga.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2020-9380, an arbitrary file upload vulnerability in IPTV Smarters WebPlayer. The exploit uploads a malicious PHP file via the vulnerable `ajax-control.php` endpoint and executes commands through a GET parameter.

Description

IPTV Smarters WEB TV PLAYER through 2020-02-22 allows attackers to execute OS commands by uploading a script.

Exploits (1)

nomisec WORKING POC 13 stars

by migueltarga · poc

https://github.com/migueltarga/CVE-2020-9380

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2020-9380, an arbitrary file upload vulnerability in IPTV Smarters WebPlayer. The exploit uploads a malicious PHP file via the vulnerable `ajax-control.php` endpoint and executes commands through a GET parameter.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: IPTV Smarters WebPlayer

No auth needed

Prerequisites: Network access to the vulnerable IPTV Smarters WebPlayer instance

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Product x_refsource_misc

https://www.whmcssmarters.com

Exploit, Third Party Advisory x_refsource_misc

https://github.com/migueltarga/CVE-2020-9380

Scores

CVSS v3 9.8

EPSS 0.0398

EPSS Percentile 89.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (1)

whmcssmarters/web_tv_player < 2020-02-22

Published Mar 05, 2020

Tracked Since Feb 18, 2026